DNS Cluster Setup - Did Synchronization Change?

Fischecp

Member
Nov 6, 2020
5
0
1
United States
cPanel Access Level
Website Owner
Hello,

I have 2 web servers and 2 nameservers in a DNS cluster environment. A LOT of the old forums and websites out there recommend setting up the 2 web servers to synchronize the changes to the nameservers with a reverse relationship of standalone. However, when I do that - it syncs ALL the records from each web server to the other. So if I had 100 records on server A and 100 records on server B, I now see 200 records on both. Even if I completely remove the reverse relationship, it still syncs down records. I personally don't think that's ideal and I'd like for there just to be 200 records on the NS'.

I noticed a slight change in wording in the documentation between version 84 and 86 though on how synchronization is handled.

Version 84:
Synchronize changes — This method synchronizes records between the local server and the remote server. However, you must also select Synchronize changes on the remote server for changes to propagate to the local server. Most administrators use this setting.

Version 86:
Synchronize — This method synchronizes records between the local server and the remote server. Most administrators use this setting.

So my question is - am I on the right track, and was synchronization changed between those versions? And how can I accomplish what I want? I'm assuming I need to use write-only as the DNS role, but will I run into issues when transferring sites from server A to server B? Anything else to be aware of if I go this route?

Thanks,
Chris
 

Fischecp

Hello,

I posted the original post above a few days ago and it was just approved this morning and I have tested things A LOT over the weekend. I'm still having the issue but I singled things down to just 1 web server and 1 name server to simplify things. Here are the configurations that I have tried below.

ded1 = web server
ns1 - name server (with trial license for testing)
  • Configuration 1: (matches screenshots below) On DED1, set NS1 to Synchronize Changes. On NS1, set DED1 to standalone. If I add an account to NS1, it syncs down to DED1. I've tried this 5 times, syncs every time.
  • Configuration 2: On DED1, set NS1 to Synchronize Changes. On NS1, removed the entire reverse relationship. If I add an account to NS1, it still syncs down to DED1. I've also tried this a few times just to be sure I wasn't seeing things.
  • Configuration 3: On DED1, set NS1 to Write-Only. On NS1, no reverse relationship. This does write changes in a 1-way manner. If I add an account on NS1, it does NOT sync down to DED1. Same with DNS changes made on NS1 - it does NOT sync down.
  • Configuration 4: Just to test PowerDNS vs Bind, I updated both NS's to Bind, disconnected and reconnected the relationships to match configuration 1. Still same result, add an account to DR1, it syncs down to DED1.

I've googled and read forum post after forum post and I also read through the release notes. Everything that I've read says Configuration 1 should be a 1-way sync and that's what I'd like to happen but it's obviously not in my case. The only thing that I can find is the difference in the documentation that I mentioned in my previous post. It clearly states (in my opinion) in 86 that it's a 2-way sync. But in 84 it definitely specifies it's a 1-way sync. I imagine a lot of people would be having issues though if it changed. I just can't put everything together to figure out why it's not working as it should. "Write-Only" works as intended but nothing else seems to. Any help is appreciated!

Screenshot of Configuration 1 when logged into DED1 - Web Server:
ws.jpg
Screenshot of Configuration 1 when logged into NS1:
ns1.jpg
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,505
2,605
363
cPanel Access Level
Root Administrator
Hey there! Sorry about the delay - we don't currently have anyone monitoring forums on weekends, although that might be changing soon.

To start and add some clarification, I'm not aware of any changes to the cluster configuration or wording that would affect this.

Typically, I like to see the configuration on the nameserver machine set to standalone, and the webservers set to synchronize, so that way no changes get pushed from the NS machines to somewhere they shouldn't be.

It may be a good idea to enable the additional logs in WHM >> Tweak Settings >> Logging to see if that gives you more details or errors, as that is frequently my most helpful debugging tool for syncing problems.

You're always welcome to submit a ticket to our team as well as that will ensure a quick response.
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
942
421
363
cPanel Access Level
DataCenter Provider
If I'm understanding you correctly, this is the way that the DNS cluster has always worked (at least for us). Each cPanel server in the cluster "sees" all the zones in the cluster. When you join a new server to the cluster (at least with the sync role), the first thing that the new server does is sync all the zones from the DNS cluster over to the server.
 

Fischecp

Ohhhhh.... I was assuming the "sync'ing" was of zones and that it was only 1 way. So for example, if I added a zone to WebServer2, it should sync up to NS1 but since NS1's reverse relationship with WebServer1 is standalone that it would not sync down to WebServer1. I think my understanding of how clusters work though is wrong.

So what's the point of the reverse relationship then if everything is pretty much 2 way with the "Synchronize Changes" option selected on the web server?

Where would it even make sense to have a reverse relationship that is "Synchronize Changes" on the name server?

Thanks for the clarification guys! It's definitely helping a cluster newb like me!
 

cPRex

Some people want everything to sync with everything else, but I personally think that leads to confusion as you can end up with zones in places they shouldn't be, and that leads to needing to manually delete zones later on. I like the summary we have posted here:


Code:
Standalone — This method fetches DNS records from the remote server, but does not write 
     records from the local server to the remote server.
Synchronize — This method synchronizes records between the local server and the remote server. 
     Most administrators use this setting.
Write-only — This method pushes the local server’s records to write to the remote server, but does
     not query records from the remote server to write to the local server.
 

Fischecp

Thank you so much for the help so far! I'm very grateful.

That was my thought exactly regarding the zones being in places they shouldn't be! I really don't want WebServer 2's DNS zones on WebServer 1. So that leads back to the original issue though... I have the following configuration and when I create an account on WebServer2, the zones for that account sync to WebServer1. With this setup below, should that be happening?

Setup:
Logged into WebServer1 > Synchronize Changes > NS1
Logged into WebServer2 > Synchronize Changes > NS1

Reverse Relationships
Logged into NS1 > Standalone > WebServer1
Logged into NS1 > Standalone > WebServer2
 

cPRex

That's definitely odd, as I would not expect that to be happening with your configuration. Since you have root access to the machines, it might be worth putting in a ticket so we can take a look at the systems and see the configurations and get you more details, as that's how I'd recommend setting things up if I were doing it.
 

Fischecp

Thank you! I'm going to re-provision everything since they only have test accounts on them, relink them in the cluster, and see if the issue still happens. If it does, I'll submit a ticket. Thanks again for your help!
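
Added example, not part of the thread and not cPanel's code: a toy model that reads the three role definitions quoted above literally and applies them to the WebServer1 / WebServer2 / NS1 setup from the thread, reporting which zones end up on a web server that did not create them. It assumes that "fetch" and "query" mean the remote's zones are copied to the local server; the zone names and the `propagate`, `stray_zones` and `links_for` helpers are constructed for illustration.

```python
# Toy model (assumption): each link is (local, remote, role); "fetch"/"query"
# in the quoted definitions is treated as copying the remote's zones locally.
PULLS = {"standalone", "synchronize"}    # roles that read from the remote
PUSHES = {"synchronize", "write-only"}   # roles that write to the remote

def propagate(zones, links):
    """Return the zone set on every server once no link can copy anything more."""
    state = {server: set(z) for server, z in zones.items()}
    changed = True
    while changed:
        changed = False
        for local, remote, role in links:
            if role not in PULLS | PUSHES:
                raise ValueError(f"unknown role: {role}")
            moves = []
            if role in PUSHES:
                moves.append((local, remote))
            if role in PULLS:
                moves.append((remote, local))
            for src, dst in moves:
                missing = state[src] - state[dst]
                if missing:
                    state[dst] |= missing
                    changed = True
    return state

def stray_zones(zones, links, web_servers):
    """Zones that end up on a web server that did not originate them."""
    final = propagate(zones, links)
    return {s: sorted(final[s] - set(zones[s])) for s in web_servers}

# Constructed inventory: one zone created on each web server, none on NS1.
ZONES = {"WebServer1": {"a.example"}, "WebServer2": {"b.example"}, "NS1": set()}
WEB = ["WebServer1", "WebServer2"]

def links_for(web_role, reverse_role=None):
    links = [(w, "NS1", web_role) for w in WEB]
    if reverse_role:
        links += [("NS1", w, reverse_role) for w in WEB]
    return links

if __name__ == "__main__":
    for label, links in [
        ("synchronize + standalone reverse", links_for("synchronize", "standalone")),
        ("synchronize, no reverse", links_for("synchronize")),
        ("write-only, no reverse", links_for("write-only")),
    ]:
        print(label, stray_zones(ZONES, links, WEB), sorted(propagate(ZONES, links)["NS1"]))
```

Under this reading, the Synchronize link on each web server is what pulls the other server's zones down through NS1, with or without the reverse relationship, while Write-only leaves both zones on NS1 only.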